Blog

For me, being SSL secured has always been the benchmark of having a bona fide website. That little green padlock next to your website's URL doesn't really mean much for a blog, but I always wanted one. At the start of last year I started thinking about trying to get one.

Ever being a skinflint, I wanted to pay nothing for it, but logic overcame this thinking, as all the free ones either had massive catches, such as having to manually renew them every thirty days, or they were so free that browsers just didn't ratify them as being legit.

I'd decided at this point to drop the princely sum of $15 on a three-year Comodo certificate from these guys. There was a possible stitch-up of exorbitant fees come renewal time, but my limited research showed that, like car insurance, you just go somewhere else to pick up a bargain price again.

Roll on one year and I still hadn't got round to doing it, but in my quest to re-find where I'd intended to buy I came across LetsEncrypt.org: free, auto-renewing and recognised by all the major browsers - cool!

So I'll crack on with how to get it on your machine in no time at all...

Instructions

So before we start, check the version of the operating system you are running as the install instructions do vary:

cat /etc/os-release

Certbot

My Raspberry Pi Model B is running wheezy, so the install instructions from the Certbot website give this (check the rest of the page in the link for instructions for your OS if different):

But for some reason I got an error back that there was already a server running on port 443 - fairly obvious really, and I would have thought that it could automatically stop the Apache server for a moment to enable it to complete, seeing as it'd have to in the future to renew your licences. Having read back the instructions in writing this post, perhaps I should have added an --apache switch, but too late now...

Webroot

As I said, the other method requires use of an available folder to serve up some files. As my website runs some pretty comprehensive Rewrites, chances of it working were slim, so a quick google showed up this set-up in Apache's generic.conf - should be handy for me to be able to quickly get certificates for my other hosted sites later if all goes well. Here is the code you'll need to add for a multisite webroot. To add it, fire up the config with:

To save and exit, press ctrl+o, enter, then ctrl+x. Make sure to change the path in the above to wherever your website is served from. Then you'll have to reload the Apache config at this point, so go ahead and run:

sudo service apache2 reload

then we can get on with running Certbot and following the instructions:

./certbot-auto certonly

All was reported back as having successfully completed after a short time, so good to go.

Certificate install

This is the bit of the process that took the longest for me - I'll admit most of it was user error! I have been running a server on port 443 with a snakeoil certificate for my admin login portal for a while, and it has to be said that the default Apache host script for it is rather lengthy, so it took a bit of head scratching before I realised that the reason I was still getting 'get me out of here' messages from my browser was that I hadn't removed all of the code from my previous config.

Renewal

Then we are all done. I've still got a couple of months to wait to see if it actually works, but stay posted and I'll let you know.
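Rather than waiting a couple of months to find out, you can check whether a certificate has slipped into the renewal window without being renewed. This is an added example, not code from the original post: the function names are made up for illustration, the 30-day window assumes Certbot's default, and the sample certificate is a constructed self-signed one so the script runs offline.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): report whether a certificate
# is still outside the renewal window. Function names are hypothetical.

RENEW_WINDOW_DAYS=30   # assumption: Certbot's default renewal window

# Print "ok", "renew-due", "expired", "invalid" or "unreadable" for the
# PEM certificate in $1. Optional $2 overrides the window in days.
cert_status() {
    local cert="$1" window_days="${2:-$RENEW_WINDOW_DAYS}"
    [ -r "$cert" ] || { echo "unreadable"; return 2; }
    # Refuse anything that does not parse as an X.509 certificate.
    openssl x509 -in "$cert" -noout 2>/dev/null || { echo "invalid"; return 2; }
    # -checkend N exits 0 only if the cert is still valid N seconds from now.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "expired"
    elif ! openssl x509 -in "$cert" -noout \
            -checkend $((window_days * 86400)) >/dev/null; then
        # Inside the window: auto-renewal should already have replaced it.
        echo "renew-due"
    else
        echo "ok"
    fi
}

# Build a constructed self-signed certificate at $1 valid for $2 days,
# purely as sample input (the throwaway key is written to $1.key).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=example.test" -keyout "$1.key" -out "$1" 2>/dev/null
}

# Demo on constructed certificates: 90 days is the lifetime Let's Encrypt issues.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/fresh.pem" 90
make_sample_cert "$demo_dir/stale.pem" 10
echo "90-day cert: $(cert_status "$demo_dir/fresh.pem")"
echo "10-day cert: $(cert_status "$demo_dir/stale.pem")"
rm -rf "$demo_dir"
```

On a real install, point `cert_status` at the `cert.pem` under `/etc/letsencrypt/live/` for your domain; a `renew-due` result means the automatic renewal has not run.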

Additional domains

I was actually so pleased with the results that I went straight ahead and added my other domain philfish.co.uk to the certificate as well. I can report that the multiple webroot worked a charm and the whole process was finished in a couple of minutes, just with the --expand switch with this bit of code.